[Nagiosplug-devel] [ nagiosplug-Bugs-1180762 ] check_ssh does not properly close connection

SourceForge.net noreply at sourceforge.net
Sat Mar 27 08:21:29 CET 2010


Bugs item #1180762, was opened at 2005-04-11 07:41
Message generated for change (Comment added) made by christian42
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1180762&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: Release (specify)
Status: Closed
Resolution: Wont Fix
Priority: 5
Private: No
Submitted By: M. Sean Finney (seanius)
Assigned to: Thomas Guyot-Sionnest (dermoth)
Summary: check_ssh does not properly close connection

Initial Comment:
with 1.4 and later, it looks like check_ssh doesn't
properly close connections.  for example, this is the
previous behaviour of check_ssh in the 1.3 series:

Apr 11 10:24:03 appsrv1 sshd[9822]: Connection closed
by xxx.xxx.64.52

but in 1.4:

appsrv1 sshd[10154]: fatal: Read from socket failed:
Connection reset by peer

i think this is just because close() isn't being
called.  i will verify this shortly...

----------------------------------------------------------------------

Comment By: Christian (christian42)
Date: 2010-03-27 00:21

Message:
Sorry to revive such an old issue, but I don't think this is resolved yet.
I just built nagiosplugins-1.4.14 on Solaris 10/x86 and see the same old
issue:

---------------------------------------------------------
ray1# uname -a
SunOS ray1 5.10 Generic_141445-09 i86pc i386 i86pc
ray1# pwd
/home/c/nagios-plugins-1.4.14
ray1# file ./plugins/check_ssh
./plugins/check_ssh:    ELF 32-bit LSB executable 80386 Version 1,
dynamically linked, not stripped

ray1# ./plugins/check_ssh localhost
SSH OK - Sun_SSH_1.1.2 (protocol 2.0)

ray1# dmesg | tail -1
Mar 27 08:06:43 ray1 sshd[7169]: [ID 800047 auth.crit] fatal: Read from
socket failed: Connection reset by peer
---------------------------------------------------------

A similar installation on sparc (also with 1.4.14) shows the same result.

When running through truss(1) it seems that the socket /is/ being closed
though:

-------------------------------
10758/1:         0.0278 so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, "",
SOV_DEFAULT) = 3
10758/1:         0.0280 connect(3, 0x0002CF10, 16, SOV_DEFAULT)         =
0
[...]
10758/1:         0.0338 close(3)                                        =
0
-------------------------------

So, maybe it's something else (and not a missing close()) causing these
messages?
During the connect and when one is fast enough, for a second or so one can
see in netstat:

127.0.0.1.33748      127.0.0.1.22         49152      0 49152      0
FIN_WAIT_2
127.0.0.1.22         127.0.0.1.33748      49152      0 49152      0
CLOSE_WAIT

Any ideas how to debug this further?

Thanks,
Christian.

PS: Why was this closed as "Wont Fix" when clearly a change has been
commited?

----------------------------------------------------------------------

Comment By: Sergey Svishchev (shattered)
Date: 2007-11-06 00:13

Message:
Logged In: YES 
user_id=45207
Originator: NO

I'm using OpenSSH_3.8.1p1 FreeBSD-20060123 (shipped in FreeBSD 5.5) and
can reproduce it at will.

----------------------------------------------------------------------

Comment By: Thomas Guyot-Sionnest (dermoth)
Date: 2007-11-02 05:58

Message:
Logged In: YES 
user_id=375623
Originator: NO

Yes, emias made me realize that on IRC yesterday.

I looked into it and I won't fix this because:

1. I can't reproduce it on OpenSSH, even with DEBUG logging (What SSH
server/version are you using?)

2. There's no simple way to do that. It would at the very least require
implementing the key exchange part of the protocol; I didn't even look
further as this is way beyond the scope of this plugin.

I suggest that you rather look into your SSH daemon or logging daemon
configuration; or get this fixed with your ssh vendor.

----------------------------------------------------------------------

Comment By: Sergey Svishchev (shattered)
Date: 2007-11-01 22:32

Message:
Logged In: YES 
user_id=45207
Originator: NO

It's check_ssh, not check_by_ssh.

----------------------------------------------------------------------

Comment By: Thomas Guyot-Sionnest (dermoth)
Date: 2007-11-01 19:29

Message:
Logged In: YES 
user_id=375623
Originator: NO

There's no close in there, and no signs of seanius's commit. He either
forgot to commit or commited it to the wrong branch...

I'll take a look shortly. Since I never used check_by_ssh it'll help if
you can give me a sample command-ling and what to look for (In logs I
guess), so I won't have to reinvent the wheel :)

Thanks

----------------------------------------------------------------------

Comment By: Sergey Svishchev (shattered)
Date: 2007-10-31 07:34

Message:
Logged In: YES 
user_id=45207
Originator: NO

This is still a problem in 1.4.3 -- evidently, close() is not enough.

----------------------------------------------------------------------

Comment By: M. Sean Finney (seanius)
Date: 2005-04-11 11:07

Message:
Logged In: YES 
user_id=226838

yup, calling close() before exiting resolves this problem,
i've committed a change to cvs

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1180762&group_id=29880




More information about the Devel mailing list